is it possible to block this

keat63

• February 23, 2017 07:43

Is there any way to block things like this. [Thu Feb 23 13:31:52 2017] [error] [client -IP] File does not exist: /usr/local/apache/htdocs/PMA [Thu Feb 23 13:31:52 2017] [error] [client -IP ] File does not exist: /usr/local/apache/htdocs/sql [Thu Feb 23 13:31:52 2017] [error] [client -IP] File does not exist: /usr/local/apache/htdocs/dbadmin I have csf configured to block the IP upon 60 occurances, but it would be nice to have a rule that would block them the instance they tried to access areas such as /USR.

• 

  Jcats

  • February 23, 2017 14:16

  They don't have control over accessing /usr its just because they are 'scanning' for potential vulnerable applications by using your IP or server hostname which the docroot is set to /usr/local/apache/htdocs There is most likely mod_sec rules that catch this, but will need to research a bit.

  0
• 

  cPanelMichael

  • February 23, 2017 15:30

  Hello, I recommend configuring a ModSecurity rule to block access attempts to those directories. You can find discussion of this topic on a third-party URLs such as: Preventing vulnerability scripts from scanning apache server Thank you.

  0
• 

  keat63

  • February 24, 2017 07:46

  I read the above link, but it was pretty much inconclusive. I do have Comodo WAF installed, which has a userdata section. Does anyone know enough about Comodo, as again, I couldn't find anything definitive. There's a section named 'Blocked URL's' This list allows to block access to specified URLs on your site. If I were to populate this with /usr/local/apache, would this do the trick ?

  0

Please sign in to leave a comment.